New CompTIA CAS-002 Exam Dumps Collection (Question 16 - Question 22)

Q1. A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns?

D. Purchase additional bandwidth from the companyu2019s Internet service provider.

Answer: C

Q2. A firmu2019s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the productu2019s reliability, stability, and performance. Which of the following would provide the MOST thorough testing and satisfy the CEOu2019s requirements?

A. Sign a MOU with a marketing firm to preserve the company reputation and use in-house resources for random testing.

B. Sign a BPA with a small software consulting firm and use the firm to perform Black box testing and address all findings.

C. Sign a NDA with a large security consulting firm and use the firm to perform Grey box testing and address all findings.

D. Use the most qualified and senior developers on the project to perform a variety of White box testing and code reviews.

Answer: C

Q3. A company is deploying a new iSCSI-based SAN. The requirements are as follows: Which of the following design specifications meet all the requirements? (Select TWO).

A. Targets use CHAP authentication

B. IPSec using AH with PKI certificates for authentication

C. Fiber channel should be used with AES

D. Initiators and targets use CHAP authentication

E. Fiber channel over Ethernet should be used

F. IPSec using AH with PSK authentication and 3DES

G. Targets have SCSI IDs for authentication

Answer: B,D

Q4. A company Chief Information Officer (CIO) is unsure which set of standards should govern

the companyu2019s IT policy. The CIO has hired consultants to develop use cases to test against various government and industry security standards. The CIO is convinced that there is large overlap between the configuration checks and security controls governing each set of standards. Which of the following selections represent the BEST option for the CIO?

A. Issue a RFQ for vendors to quote a complete vulnerability and risk management solution to the company.

B. Issue a policy that requires only the most stringent security standards be implemented throughout the company.

C. Issue a policy specifying best practice security standards and a baseline to be implemented across the company.

D. Issue a RFI for vendors to determine which set of security standards is best for the company.

Answer: C

Q5. A system worth $100,000 has an exposure factor of eight percent and an ARO of four. Which of the following figures is the systemu2019s SLE?

A. $2,000 B. $8,000 C. $12,000 D. $32,000

Answer: B

Q6. The telecommunications manager wants to improve the process for assigning company- owned mobile devices and ensuring data is properly removed when no longer needed. Additionally, the manager wants to onboard and offboard personally owned mobile devices that will be used in the BYOD initiative. Which of the following should be implemented to ensure these processes can be automated? (Select THREE).

A. SIMu2019s PIN

B. Remote wiping

C. Chargeback system

D. MDM software

E. Presence software

F. Email profiles

A. G. Identity attestation

H. GPS tracking

Answer: B,D,G

Q7. A company has a difficult time communicating between the security engineers, application developers, and sales staff. The sales staff tends to overpromise the application deliverables. The security engineers and application developers are falling behind schedule. Which of the following should be done to solve this?

A. Allow the sales staff to shadow the developers and engineers to see how their sales impact the deliverables.

B. Allow the security engineering team to do application development so they understand why it takes so long.

C. Allow the application developers to attend a sales conference so they understand how business is done.

D. Allow the sales staff to learn application programming and security engineering so they understand the whole lifecycle.